Monday Aug 23, 2010

Working with RDP settings in Oracle VDI

The display protocol between Sun Ray DTUs (or the software application Oracle Virtual Desktop Client) and the Oracle VDI servers is ALP, the Appliance Link Protocol. ALP is a latency friendly protocol and very efficient in Wide Area Networks. Between the Oracle VDI servers and the Virtual Desktops, hosted on the virtualization infrastructure, the RDP protocol is used and implemented through the Sun Ray Connector for Windows.

The Oracle VDI broker uses standard RDP settings that you may change as an Oracle VDI administrator. This is done per pool configuration and available through the Oracle VDI GUI or via CLI-commands. In the below picture you see how to navigate in the Oracle VDI GUI to the pool settings: select Pools in the left column, select the Pool you want to customize (in my case Windows XP Pool) and select the tab Settings.

If you scroll down on the Pool Settings page you see the section for Sun Ray specific pool settings and the option to customize the settings for RDP. Pay attention to the order of selecting the options:

  1. Select the hyperlink Edit Sun Ray RDP Settings and enable the desired settings in the page that displays, save the changes and go back to the Pool Settings page.
  2. Select the checkbox Use Customized Settings,
  3. Save the changes
I have made multiple times the error to go directly to the Edit Sun Ray RDP Settings after I selected the checkbox. If you don't save the change, and you come back from Edit Sun Ray RDP Settings page, the checkbox is not activated anymore.

In the case you have changed the Sun Ray RDP settings and the result is still different then what you were expecting, you can go to the Oracle VDI server command-line (via SSH or Putty) to do some trouble-shooting. As you may know already, the RDP client for a Sun Ray session is called uttsc in Solaris. The desired RDP settings that you configured in the GUI are passed as arguments through this uttsc process on the server.

A very nice tool in the trouble-shooting process is the Solaris pargs CLI-command, which gives you information about the arguments that are passed to a Solaris process (identified by a Process ID).

In my example (see below) I want to investigate the RDP settings for a Sun Ray user with userid jaapr. I have to find out to which server Jaap's Sun Ray session is connected (press the three audio-keys on a Sun keyboard), I connect to this server with SSH/Putty and with the process ID of the uttsc process (better to use uttsc-bin for this) I investigate the RDP settings:

root@vdiserver:~# ps -ef|grep jaapr|grep uttsc-bin
   utku5 28223 28204   0 17:42:11 ?      0:00 /opt/SUNWuttsc/lib/uttsc-bin -m -u jaapr ...

root@vdiserver:~# pargs 28223
28223:  /opt/SUNWuttsc/lib/uttsc-bin -m -u jaapr -S 5 -d SUNVDI -i -r usb:on -E wallpap
argv[0]: /opt/SUNWuttsc/lib/uttsc-bin
argv[1]: -m
argv[2]: -u
argv[3]: jaapr
argv[4]: -S
argv[5]: 5
argv[6]: -d
argv[7]: SUNVDI
argv[8]: -i
argv[9]: -r
argv[10]: usb
argv[11]: -E
argv[12]: wallpaper
argv[13]: -E
argv[14]: theming

And here you have the complete listing of the RDP settings that are used for a specific Desktop session in a selected VDI pool.

Thursday Aug 19, 2010

Use a different Kiosk session in Oracle VDI

Today I was preparing a customer project on my test server to run a different application (then the default Oracle VDI desktop) on some special Sun Ray DTUs. In a recent post I wrote about configuring Opera as a Sun Ray Webkiosk browser and this was the application we wanted to run on the special DTUs (for a reception area). In this article I explain how to configure this for the Webkiosk browser, but the scenario is the same for every application you have in mind for a kiosk session.

There are multiple ways to configure different kiosk applications in the Oracle VDI server environment:

  1. Write your own Kiosk Mode scripts. The Think Thin Blog is a very good source to get your inspiration,
  2. Use the Meta Kiosk add-on developed by Daniel Cifuentes,
  3. Use the standard Kiosk Mode interface as described in Jörg's Desktop Blog.

I decided to use method three, it is a less known feature in the Sun Ray Server software (which is embedded in the Oracle VDI software), easy to configure via the CLI (unfortunately it is not yet integrated in the GUI) and you do not need to write a shell-script to control the multiple applications Kiosk Mode logic.

To refresh your mind from the earlier blog post about Opera: you need to install the Opera web-browser on your Oracle VDI servers and you need to store the kiosk description file and launcher in the directory /etc/opt/SUNWkio/sessions.

When this is done you let the Oracle VDI server know that for a pre-determined number of Sun Ray DTUs you do not want to use the default (Oracle VDI) kiosk session, but the alternative Opera Webkiosk session (or any session that you have in mind as alternative). This is a three step process:

1. First you have to store the Opera browser kiosk session configuration in the Sun Ray server data store. You have to create a little configuration file and use this file to store the information in the data store. After this is done you check if it is stored together with the default session

    # I have created the WebkioskSession.conf with an editor.
    root@vdiserver:# cat WebkioskSession.conf
    root@vdiserver:# utkiosk -i WebkioskSession -f WebkioskSession.conf
    root@vdiserver:# utkiosk -l

2. Then you register the token of the device (e.g. pseudo.00144f5787d1) or the token of a smart-card. Adding a name to the registration is mandatory, I use dummy01 as a not existing username.

    root@vdiserver:# utuser -a "pseudo.00144f5787d1,,,dummy01,"

3. In the last step you override the default kiosk configuration by the alternative and restart the session by killing the current session for that token. 

    root@vdiserver:# utkioskoverride -r pseudo.00144f5787d1 -s kiosk -c WebkioskSession
    root@vdiserver:# utsession -k -t pseudo.00144f5787d1

If you have multiple tokens (for example 20 Sun Ray DTUs in your reception area), then step two and three are very easy to script in a shell command or shell script. I let this to the user as this is out-of-scope for this article.

Wednesday Aug 11, 2010

Change default Desktop Login Language in Oracle VDI 3.2

One of the new features in the recently released Oracle VDI 3.2 software is the addition of the Dutch language in the Oracle VDI Desktop Login screen. In this article I explain how to change the default Desktop Login language to your preferred language (I use Dutch in the examples, because I live in the Netherlands ;-) 

As soon as you connect with your Sun Ray DTU or Oracle Virtual Desktop Client (OVDC) to the Oracle VDI server you get the standard Desktop Login window. Most of the time, this window defaults to the English language (see the below picture). Through the "More Options, Language" drop-down menu you see a list of supported languages. With a few simple steps you can change the default language of the Desktop Login to your preferred language.

Oracle VDI Desktop Login Window in English Language

The Desktop Login window is launched by the Kiosk interface scripts. This is the glue between the embedded Sun Ray server software and the Oracle VDI broker software. The Kiosk interface scripts determines the language setting for the Desktop Login window through the underlying operating system. In our Solaris 10 Oracle VDI server this is done with the locale parameters.

During the Solaris 10 Operating System installation, the English version of Solaris is installed by default. Most likely you only provided information about the timezone of your server and not the information for your geographic regions and software localizations. On the Sun Developers Network website you can check a list with locale settings in the Solaris Locale Chart. To use the Dutch language in the Oracle VDI Desktop Login we need the nl_NL locale which is part of the Western European Region (WEU) in Solaris 10.

Follow the next four steps to configure your preferred language for the Oracle VDI Desktop Login window:

1. Check the installed locales on your Oracle VDI server with the following CLI-commands:

  # First check the current locales on the server (in this case it is the default)
  root@server:# locale -a

  # Or check if the Dutch locales are installed on your server
  root@server:# locale -a | grep nl

2. If your locale exists go to step 3, otherwise load your preferred locale from the Solaris 10 installation media (the Solaris 10 installation DVD or the downloaded Solaris 10 iso-file):

  # Insert Solaris 10 DVD in your drive, it will be automounted under /cdrom
  # In my example we install the nl_NL locale
  root@server:# localeadm -a nl_NL -d /cdrom/sol_10_1009_x86/

  # Use the following CLI-commands if you installed from an iso file
  # Find your iso file (in my case /stage) and mount the iso into a directory /mnt
  root@server:# mount -F hsfs -o ro `lofiadm -a /stage/sol-10-u8-ga-x86-dvd.iso` /mnt
  root@server:# localeadm -a nl_NL -d /mnt
  root@server:# umount /mnt; lofiadm -d /dev/lofi/1

3. Configure the locale in the Sun Ray Kiosk general properties settings:

  • Go to the Sun Ray sever Admin GUI (https://server:1661/) and login with root/passwd
  • Select Tab Advanced, sub-Tab Kiosk Mode and select Edit to change the properties for the Oracle Virtual Desktop Infrastructure session type. 
  • In the Locale property configure your preferred locale as shown in the below picture and save the properties

SRSS Admin GUI, Kiosk Mode properties

4. Restart your DTU session to show the new Desktop Login Language setting:

  • You can do this by selecting Quit in the Desktop Login window, or
  • You can do this with the key sequence CTRL-ALT-BS-BS.
If all went well you will see the Oracle VDI Desktop Login window in your preferred language. The below picture shows the Desktop Login window for the Dutch language.

Oracle VDI Dutch Desktop Login window

Oracle VDI 3.2 Released

Hot off the press: Oracle VDI 3.2 is released today. Some of the new features in Oracle Virtual Desktop Infrastructure 3.2 are:

  • Global hot-desking: to build multiple Oracle VDI clusters in different data-centers. This can be used for roaming of users over multiple locations (nation-wide or world-wide) or used in disaster recovery scenario's where users can be offered a guest-desktop in another data-center if there is a disaster in their home data-center.
  • Multi-company capabilities: this especially is useful for service-providers who want to offer a Virtual Desktop service to multiple customers where every customer is using its own (Active/LDAP) Directory.
  • For Windows (XP and 7) there is a Fast-preparation option instead of using the default Microsoft system prepartion. This is useful to speed-up your cloning process.
  • Oracle branding and download from the Oracle e-delivery website.

See the following links for more information:

Stay tuned for more updates on this new release !!

Monday Jul 19, 2010

Using Oracle Virtual Desktop Client with smart card

As you may have discovered, last week Oracle released updates for Sun Ray software and the Oracle Virtual Desktop Client (OVDC) which are described in more detail on the ThinkThin blog.

I wanted to test OVDC with the new smart card functionality to hotdesk my Desktop session between a Sun Ray DTU and the OVDC. But I encountered a small issue when using the smart-card (in fact I was to lazy to read the Release Notes :-)

Before using OVDC you have to enable access for it on the server. This is done automatically if you use the Sun Ray server software as part of the full Oracle VDI stack. But you can also do this manually via the Sun Ray Admin GUI. However, for enabling OVDC access with a smart card this option is not available yet in the Admin GUI. Below I explain what I did in my demo-server infrastructure.

I connected with OVDC on my Windows XP notebook with integrated smart card reader to the patched Sun VDI server and I did get the standard Oracle/Sun VDI Desktop Login screen. When I inserted a smart card in my Windows XP notebook, it connected to the VDI server, but it did not get the Desktop Login screen. Instead, I did get a little icon with a status code 47 in the lower right.

No OVDC Access Icon

On the Sun Ray Wiki you can find a page with SRSS Troubleshooting Icons, where I found that status code 47 means No access for Sun Desktop Access Clients. The Release notes of OVDC helped me to find out that I can enable access for OVDC smart card sessions with the utpolicy CLI-command and the switch -u to specify the policy for card, pseudo or both (resp. smart card session, non-smart card session and both types).

I logged into my Sun VDI (or standalone Sun Ray) server as the root user and I changed the Sun Ray server policy with the following commands:

# First check the current policy on the server
root@vdiserver:# /opt/SUNWut/sbin/utpolicy
# Current Policy:
-a -z both -k both -m -u pseudo

# Change the policy (-u both) to accept card and non-card OVDC sessions
root@vdiserver:# /opt/SUNWut/sbin/utpolicy -a -z both -k both -m -u both

# Restart authentication manager (needed for policy change)
root@vdiserver:# /opt/SUNWut/sbin/utrestart -c

After the restart of the Sun Ray Server services and reconnecting OVDC to the server I could hotdesk my Virtual Desktop session between the Sun Ray DTU and the OVDC software client.

Thursday Jul 15, 2010

Updates for Sun Ray Software

A quick note about Sun Ray Software updates already posted in other blogs: my colleague Arjan posted a blog about the Oracle Sun Ray press announcement and on the ThinkThin blog two articles (more technical/functional oriented) about the updates in the Sun Ray Software and a new version of PCSC-lite software.

Solaris for Oracle VDI Administrators (2)

I continue with my articles about Solaris Administration for Oracle VDI Administrators, my first article was about adding Solaris Freeware packages, this article is about installing patches.

If you have a valid support-contract for your server software, you are able to download patches from the website. Sometimes (but not very often :-) there are patches released for Oracle VDI.

A good source to keep you up-to-date on Sun Ray and Oracle VDI patches is the Sun Ray Users Group website, where you can find an overview of current and older versions of patches (Edit: better to use the official Sun Ray Wiki page with an overview of Sun Ray Software patches).

Recently a patch for Sun Ray firmware was released to support the new Sun Ray 3+ client in the current Sun Ray server software. For example, to check if you already installed that 140994-02 patch (Edit: I just found out that there is a new revision of this patch: 140994-03) on your x86 Oracle VDI server, you can execute the followng CLI-commands on your Oracle VDI or Sun Ray server:

# To show patch versions of all the patches on your server
root@vdiserver:# showrev -p 

# Check if a specific patch have been applied to a system, e.g. 140994
# There is no result when the patch is NOT applied, otherwise
root@vdiserver:# showrev -p | grep 140994 

# To check which Sun Ray Server specific patches are installed on your
# server (output is a list with the installed patches) 
root@vdiserver:# /opt/SUNWut/lib/utspatches

I'm not going to tell how to patch the server, this information is provided in the README file of the patch description. Most likely before and after applying a patch with the patchadd CLI-command, you have to do some additional instructions.

Friday Jun 25, 2010

Solaris for Oracle VDI Administrators (1)

The core component of the Oracle VDI solution is the Oracle VDI broker/session manager which you deploy in your session management layer of your Virtual Desktop infrastructure. It is an integrated stack of software components with a single installer which you install on a Solaris server: one server if you want to demo or evaluate the software or in a cluster of servers for production use.

After initial installation and configuration the server behaves like an appliance, you administer the Oracle VDI platform through the web-interface. Also the Sun Ray server component is managed through the web-interface.

Although you do not need to be a Solaris expert (most VDI platforms are managed by administrators from the Windows domain) to manage a Oracle VDI broker/session manager server, some Solaris command line knowledge is a value add in managing the Oracle VDI platform.

I hope to write some articles in the future about common Solaris SysAdmin jobs that could be used in the daily life of Oracle VDI Administrator. In this post I like to show some commands that you use when you add additional software packages to your Solaris Server. I do not present the output of the CLI-commands, you are encouraged to execute the below instructions on your Solaris Oracle VDI server to understand the output.


Usually when I have installed a Solaris server, I add additional packages from the public domain that I have downloaded from, the Freeware for Solaris package repository. An example of such a package is rdesktop, the X-windows client for Windows terminal servers. You may think why should I install this package (Oracle VDI has its own uttsc RDP-connector), but I explain that later.

# Decompress the downloaded package
root@vdiserver:# gunzip rdesktop-1.5.0-sol10-x86-local.gz

# Install and transfer the software package to the system
root@vdiserver:# pkgadd -d rdesktop-1.5.0-sol10-x86-local

# Check software package installation accuracy (before you add to the system)
root@vdiserver:# pkgchk -d rdesktop-1.5.0-sol10-x86-local

# Check if software package is already installed
root@vdiserver:#  grep rdesktop /var/sadm/install/contents

# Or check if software package is already installed with pkginfo
root@vdiserver:#  pkginfo | grep rdesktop

If you do install this rdesktop package on your server, do not forget to install the dependency packages as described on the website.

Sample rdesktop use-cases: 

As you may know, the uttsc RDP-connector in the Oracle VDI server (or the stand-alone Sun Ray server software) only displays on a Sun Ray client. It does not work when it is executed from the console of the server or via a remote SSH session. For this purpose I use the rdesktop RDP-connector.

Consider you are working on a Apple or Linux notebook (or your Windows desktop with a local X-display) and you want to test the RDP connection from a remote Oracle VDI server to a Windows system (might be Windows XP virtual machine or Windows 2003 Terminal server) then these are the commands that you can use:

# Connect with RDP from VDI server to a Windows Terminal server
jaap@notebook:# ssh -X root@vdiserver /usr/local/bin/rdesktop ip-address-wts

# Assume you know Virtual Desktop VM IP-address via Oracle VDI 
# web-interface, connect with RDP from VDI server to a VM
jaap@notebook:# ssh -X root@vdiserver /usr/local/bin/rdesktop ip-address-vm

# This is cool: use the VDI server's RDP broker to test a Virtual Desktop VM 
# of an assigned user
# Warning: passwd may be visible on vdiserver when tools like "ps" are used.
jaap@notebook:# ssh -X root@vdiserver /usr/local/bin/rdesktop \\
                    -u username -p passwd ip-address-vdiserver

# Same use-case, but you hide the passwd and have to enter the windows passwd
# after you have entered the SSH passwd
jaap@notebook:# ssh -X root@vdiserver /usr/local/bin/rdesktop \\
                    -u username -p - ip-address-vdiserver

That's it for now, please let me know if you have specific wishes for this series of articles. Or let me know what CLI-commands you are struggling with as a Oracle VDI administrator.  

Tuesday Jun 15, 2010

Changing VMware Desktop provider password in Oracle VDI

During a Virtual Desktop deployment project there are always multiple groups in the organization that are responsible for parts of the architecture. This is the challenge for the project manager and the lead architect of the project: make sure these groups work together and streamline the communication and architectural decisions.

In one of our projects where we worked with the Oracle VDI software and Windows XP virtual desktops running in a VMware vSphere virtualization back-end we had a little issue that was caused by a lack of communication between the SysAdmins (in this case between the VMware SysAdmins and the Oracle VDI Admins, who were not in the same group).

As you may know the Oracle VDI session broker is assigning and connecting end-users to virtual desktops. When a user logs in to the desktop client, Oracle VDI requests a virtual desktop IP-address of the assigned user from the VMware vCenter server. When vCenter returns the IP-address, Oracle VDI establishes a session between the user's desktop client and the virtual desktop.

Back to our project. During a system maintenance window in the non-office hours, the Oracle VDI cluster was rebooted. When the system came back online again, the end-users couldn't login anymore into their virtual desktops. After some trouble-shooting we found out the connection between the Oracle VDI cluster and the VMware vCenter server failed (see the example screen-shot of the Oracle VDI GUI):

VMware DP unresponsive

The reason the status was reported as Unresponsive had to do with a changed Administrator password in the Windows 2003 server where the vCenter software was running. The password change was implemented by the VMware vCenter Administrator several weeks before this issue happened, but it did not impact the connection between vCenter and Oracle VDI at that time.

Oracle VDI takes advantage of the web services API provided by the VMware Infrastructure SDK to communicate through HTTPS with VMware vCenter. When you setup a connection between the two components you have to verify that the servers are able to communicate: 

  • verify that the VMware vCenter Webaccess component is installed and configured.
  • verify that Port 443 (HTTPS) is enabled in any firewall that may be active on the vCenter server system.

VMware Desktop Provider configurationDuring configuration of the VMware Desktop Provider in the Oracle VDI GUI you specify the server properties and the administrator credentials of the vCenter server as shown in the left image.

At this time Oracle VDI opens a HTTPS connection to the VMware vCenter server for the first time (this open connection also happens during an Oracle VDI service startup after reboot).

This connection is cached and re-used as long as possible. In Oracle VDI there is a system thread that periodically checks if the connection is still usable. If it's not usable it tries to reestablish a new one.

One side effect of this checking is that the connection is typically kept alive for a long time. This is most likely what happened in our environment. 

The issue was solved when we updated the password of the VMware Desktop Provider settings in the Oracle VDI broker. This is done by the CLI-command vda and VMware DP as the name of my provider:

root@vdiserver:~# vda provider-vc-setprops --properties=password-prompt "VMware DP"
Enter password for host vc.sunvdi.local: XXXXXXXX

Updated Provider Settings

When the password was changed, Oracle VDI reported Status OK in the VMware vCenter Desktop Provider Summary overview and since that change all the end-users could connect again to their assigned desktops.

I leave it up to the imagination of the reader to conclude the moral of the story :-)

Tuesday Jun 08, 2010

SysAdmin access in Oracle VDI

The Oracle VDI server software is an integrated stack with a single installer. It installs several components in the Solaris server system such as the vdi-core, the embedded cluster database, the rdp-broker and last but not least, the Sun Ray server software.

Oracle VDI Desktop Login screenAfter the installation and configuration of your Oracle VDI cluster, the Sun Ray server software is by default configured in kiosk mode policy with Oracle VDI as the standard application. When you connect a Sun Ray DTU device to the network it always displays the standard Desktop Login screen as shown on the left, both for smartcard or non-smartcard access.

When you enter your user credentials you are connected to your assigned virtual desktop. Wherever you are, wherever you go, you are always connected to your own desktop. This is perfect for the end-user, but the System Administrator always has more wishes to connect to the IT-system.

The SysAdmin responsible for the Oracle VDI cluster manages the infrastructure of the virtual desktop platform with the web-based Oracle VDI GUI. With the GUI the SysAdmin manages the following components:

  • the connection to the user-directory (such as the Active Directory),
  • the connection to the virtualization platforms (Virtual Box or VMware) and the storage infrastructure,
  • the assignment of users to desktops,
  • the pools where the virtual desktops resides on the platform.

Oracle VDI Web-admin GUI

For the more advanced features the SysAdmin has the possibility to access the underlying Solaris system and use CLI-commands or inspect log-files. Most likely, the SysAdmin desktop device or laptop is connected to a management network and he logs into the Oracle VDI server using the SSH-protocol.

I always find it useful to add another access mechanism for the SysAdmin. This is typically needed when you want to support the end-user at his desk in his office and want fast access to the Oracle VDI server to troubleshoot for example. I configure a smart-card which offers me a regular Solaris desktop on the Oracle VDI server (note: this is unsupported for end-users in the VDI model, but IMHO fine for limited use for SysAdmins).

Configuring the smart-card for Solaris access is very easy to do, a few CLI- commands on the Oracle VDI server while your smart-card is inserted in the Sun Ray DTU. First you discover your smart-card tokenID with utsession -l (in my case it is MicroPayflex.500406f700130100), you register the smart-card with utuser -a in the Sun Ray server data-store and then you override the standard smart-card policy with utkioskoverride -s regular for this smart-card tokenID:

    # utsession -l
      Configuration for token ID 'MicroPayflex.500406f700130100':
    # utuser -a "MicroPayflex.500406f700130100,,,jaap,"
      Added one user.
    # utkioskoverride -s regular -r MicroPayflex.500406f700130100
      The session type has been successfully changed. Please note that changes
      will only take effect the next time a session is started for the specified
    # utsession -t MicroPayflex.500406f700130100 -k

The last CLI-command utsession kills your current Sun Ray session (the one with the Oracle VDI Desktop Login screen) and returns with a regular Solaris Desktop login as shown in the picture below.

Solaris Desktop Login screen

The utkioskoverride is a very powerful CLI-command. One of the Sun Ray engineers has written a nice blog about Using different Kiosk Sessions for different tokens. Recommended to read if you need some more flexibility in Kiosk configuration settings.

Wednesday Jun 02, 2010

Opera: a Sun Ray Webkiosk browser

In one of my recent projects I had to install Sun Ray DTU devices in a reception area of an office building. The requirement was to use the Sun Ray as an information stand:

  • Deny access to the Desktop operating system, but provide Web browsing
  • Reset after periods of inactivity

I decided to give it a try with the Opera web browser which runs both on Solaris and Linux systems. My example installation is on Oracle Enterprise Linux, but it is also tested on Solaris x86.

Opera is a web browser with increasing popularity and runs on multiple platforms. Opera has some nice kiosk mode features such as:

  • Start-up dialogs are not shown
  • Full-screen mode is enabled by default, you can't escape from it
  • Toolbars and application bar are disabled
  • URL Filtering

Before I start configuring and customizing Opera for Sun Ray I did the following standard installation steps:

  • Download and install Opera on my Sun Ray server
  • Configure Flash, Java and Acroread plugins (follow the instructions on this webpage)

My next step is to perform some Opera configuration settings. I will do this as a standard Linux user (I did it as the root user) by launching the Opera browser. When launched for the first time Opera will create a $HOME/.opera configuration directory.

Opera has a Preferences Editor which you access via entering the opera:config URL. I used the following two configurations settings to adjust my Kiosk Mode preferences:

  • "Go Home Time Out": which is found under the Special section. This setting is used for resetting the kiosk after a certain period of inactivity in seconds. I used a setting of 600 (which is 10 minutes).
  • "URL Filter File": which is found under the Network section. Here you can choose your file path (or use the default setting $HOME/.opera/urlfilter.ini) where you store your URL filter rules.
  • I also changed the default home page, in my case I changed it to

After exiting the Opera web browser, I created the URL filter rules in the default URL Filter File:

# vi $HOME/.opera/urlfilter.ini
   prioritize excludelist=1

See the Opera Kiosk Mode webpage for the explanation of the URL Filter File. I used these settings to allow http(s) URLs only. With these URL filters I also disallow the file://localhost/\* URLs to prevent viewing local files from the Sun Ray Software server.

At this time, my Opera configuration is ready for Sun Ray kiosk mode. I copied the configuration files to the default kiosk mode prototypes directory on all my Sun Ray servers in the Server Group. The Sun Ray kiosk mode module takes care of copying the profile to the right place in the server system when a user accesses the Sun Ray and his Opera kiosk session

# cd $HOME
# cp -r .opera /etc/opt/SUNWkio/prototypes/default/

The last step in my configuration is to tell the Sun Ray server how to start the Opera browser in kiosk mode. You do this by creating a kiosk descriptor file and a kiosk session executable. The descriptor will be detected in the Sun Ray server Admin GUI where you enable the service. In the below steps you see the kiosk files I used in my server.

1. create the Sun Ray kiosk descriptor 

  # vi /etc/opt/SUNWkio/sessions/webkiosk.conf 
    KIOSK_SESSION_LABEL="Webbrowser Kiosk Mode"
    KIOSK_SESSION_DESCRIPTION="Webbrowser (Opera) in limited Kiosk Mode to provide I
    nternet Web services to Sun Ray Kiosk Users"

2. create the session execution script

  # mkdir /etc/opt/SUNWkio/sessions/webkiosk
  # vi /etc/opt/SUNWkio/sessions/webkiosk/ 

    # Set sleep and blanking timeouts to 0
    # Uncomment if on Solaris
    #/usr/openwin/bin/xset -dpms s off
    # Uncomment if on Linux
    /usr/bin/xset -dpms s off

    $OPERA_EXEC -kioskmode -kioskbuttons -nosave -noprint  \\
            -nochangebuttons -nocontextmenu -nodownload \\
            -nokeys -nomail -nomaillinks -nomenu 

Again, see the Opera Kiosk Mode website for the explanation of the Opera switches. With these switches you still see the main toolbar and address bar. Some of the buttons (such as the print button) are greyed-out. If you want to disable the address bar and toolbar you remove the -kioskbuttons switch, then you only see the viewed web-page.

Monday May 31, 2010

Sun Ray 3 Firmware available

A quick note: as posted on the Think Thin blog, Sun Ray Core Services Patch -02 for SRSS 4.2 is available for download from

Friday May 28, 2010

Install Sun Ray Server software in Oracle Enterprise Linux

In this article I continue my installation of Oracle Enterprise Linux from an earlier blog post. The below instructions are based on an internal Wiki article written by a Sun colleague (thanks for the pre-work). 

Prepare Oracle Enterprise Linux for Sun Ray Server software 

I'm now ready to install the Sun Ray Sever software. After you logged in for the first time as the root user in your just installed Oracle Enterprise Linux server, you have to prepare the system for Sun Ray Server software installation: add additional packages and change some Linux configuration files.

In Oracle Enterprise Linux yum is used to install additional packages. Reconfigure yum to run from the DVD repository. This is done by adding the following contents to a new file (Note that the mediaid comes from the file /media/Enterprise Linux dvd 20090908/.discinfo):

    # vi /etc/yum.repos.d/dvd.repo
      name=DVD for RHEL5 

Oracle also hosts a yum-server for Oracle Enterprise Linux, this also should work but I have not tested this. 

You are now ready to install additional packages or groups of packages. The package list and versions which must be installed prior to Sun Ray Server installation are:

    # yum groupinstall "Development Tools"
    # yum install glib-1.2.10
    # yum install dhcp-3.0.5
    # yum install openldap-clients-2.3.43
    # yum install libXp-1.0.0
    # yum install openmotif22-2.2.3
Also the /etc/hosts file need some changes: the hostname must be removed from address and the host primary IP address and hostname must be added. The result must be something similar to:
    # vi /etc/hosts
      # Do not remove the following line, or various programs
      # that require network functionality will fail.       localhost.localdomain localhost
      ::1             localhost6.localdomain6 localhost6  host19.sunvdi.local host19

This finished the preparation on Oracle Enterprise Linux, we are now ready to install Sun Ray Server software.

Install Sun Ray Software

For download instructions for the Sun Ray Server software I refer to the Sun Ray Wiki website. After downloading the the Sun Ray Server software for Linux zip-files in my staging directory I start the installation:

    # cd /stage/sunray
    # unzip

Check Java version

Sun Ray Server software 4.2 requires a 32-bit implementation of a Java(TM) 2 Platform, Standard Edition JRE(TM) of at least 1.6. The latest Java release is available at To check what JRE version is installed on your system, use the following command:

    #  java -version

JRE version 1.6 is also bundled on the Sun Ray Server software zip-file in the Supplemental directory. For my test installation I used the provided JRE in the Supplemental Directory:

    # cd /stage/sunray/srss_4.2/Supplemental/Java_Runtime_Environment/Linux/
    # sh ./jre-6u13-linux-i586.bin 
      <enter yes when prompted>
    # mv jre1.6.0_13 /opt

Install Tomcat

The Sun Ray Administration Tool (Admin GUI) requires that a Web server be installed and running on each Sun Ray server. The Admin GUI is hosted in a Apache Tomcat 5.5 Web container. For my test installation I used the provided Apache Tomcat in the Supplemental Directory:

     # cd /stage/sunray/srss_4.2/Supplemental/Apache_Tomcat/
     # gunzip apache-tomcat-5.5.20.tar.gz 
     # gtar xvf apache-tomcat-5.5.20.tar 
     # mv apache-tomcat-5.5.20 /opt
     # ln -s /opt/apache-tomcat-5.5.20 /opt/apache-tomcat

Install Sun Ray Server software

Installing Sun Ray Server software is nothing more then an install CLI-command and a reboot of the server: 

    # cd /stage/sunray/srss_4.2
    # ./utinstall 
      - read and accept the license
      - answer Y or N when prompted for French, Japanese, Chinese Admin GUI.
      - enter Java v1.6 (or later) location: /opt/jre1.6.0_13
      - continue installation with the selected packages
    # reboot

Before you reboot make sure you have unmounted the OEL installation DVD, it might be used as the primary boot device during the reboot.

Configure Sun Ray Server software

Sun Ray Server software installed, time to configure the software. This is done by a CLI-command and works straight-forward. Most of the defaults are OK, but here is what I used for my test server:

    # /opt/SUNWut/sbin/utconfig
      - Continue ([y]/n)? Y
      - Enter Sun Ray admin password:
      - Configure Sun Ray Web Administration? ([y]/n)? 
      - Enter Apache Tomcat installation directory [/opt/apache-tomcat]: 
      - Enter HTTP port number [1660]: 
      - Enable secure connections? ([y]/n)? 
      - Enter HTTPS port number [1661]: 
      - Enter Tomcat process username [utwww]:

      - Be sure to enable "remote administration" (non-default)
        Enable remote server administration? (y/[n])? y
      - Be sure to configure "Kiosk Mode" (non default)
        Configure Sun Ray Kiosk Mode? (y/[n])? y

      - Enter user prefix [utku]:
      - Enter group [utkiosk]:
      - Enter userID range start [150000]:
      - Enter number of users [25]:
      - Configure this server for a failover group? (y/[n])?
        It lists a summary and if you happy with it choose yes to continue
        the configuration. 
      - Continue ([y]/n)? y

Configuration of Sun Ray Server Software has completed.

Turn on Sun Ray Server services

Sun Ray Server has multiple network configuration options to start the services. I used the easy one which turns on the services on all ethernet-interfaces on the server and does not configure DHCP services:

    # /opt/SUNWut/sbin/utadm -L on
    # /opt/SUNWut/sbin/utrestart -c

At this time, you are ready to connect a Sun Ray to this server.

 Linux Firewall

If you did forget to turn off the Linux Firewall during installation, you can do that afterwards via the following CLI commands as the root user:

    # service iptables save 
    # service iptables stop 
    # chkconfig iptables off 

If the Firewall keeps running on the server, the Sun Ray device will not connect to the servers and you will see a 26B OSD message on your Sun Ray device.

Install Sun Ray Windows Connector on OEL

Installation of the RDP connector is straightforward. I only had one minor issue with a missing library-filename on OEL during the installation, when I found the other version of that library it worked without problems. Here is what I used on my test system:

    # cd /stage/sunray
    # groupadd srwc
    # unzip
    # cd srwc_2.2
    # ./installer
       Accept (Y/N):
       Enter "srwc" as group name
    # /opt/SUNWuttsc/sbin/uttscadm -c
       Enter complete location for [/lib/] :
    # /opt/SUNWut/sbin/utrestart -c

OK, that's it !! 

Install Oracle Enterprise Linux in Oracle Virtual Box VM

Recently I was involved in a project where Linux was the operating system for the Sun Ray server. Most of the projects I did in the past were based on Solaris servers and for my own learning experiences I wanted to to setup Sun Ray software on a recent Linux server distribution. Out of curiosity I decided to use Oracle Enterprise Linux, which is a fully compatible Red Hat version and one of the supported Sun Ray server platforms.

This article describes my installation and configuration notes to install Oracle Enterprise Linux 5.4 on a Virtual Box VM. I describe the following steps:

  • Configure a Virtual Box VM for Oracle Enterprise Linux
  • Installation of Oracle Enterprise Linux 5.4 for Sun Ray Server
In a follow-up article I describe the Sun Ray specific installation and configuration steps:
  • Prepare Oracle Enterprise Linux for Sun Ray Server software
  • Install and Configure Sun Ray Server software 

Configure the Virtual Box VM for Oracle Enterprise Linux

If you do not know Virtual Box, you might have a look at the Virtual Box website and download the software. After I launched the Virtual Box GUI on my Apple Mac OSX notebook I performed the following steps:

  • Select "New" to create a new virtual machine,
  • After I entered the name of the VM (I used oel-5u4-srss), I choose Linux as Operating Systems Type and Red Hat as the version. In my case I used the 32-bit version, but 64-bit is also reported to work. See the below screenshot:

  • I choose 1024 MB for the Base Memory size,
  • In the Virtual Hard Disk window I used the default settings: enable Boot Hard Disk and enable Create new hard disk,
  • In the Virtual Hard Disk configuration wizard, I used Dynamically enabled storage with a Maximum size of the disk of 20 GB. See the below screenshot:

  • Finish the configuration wizard and your new VM will be created.

Before starting the VM, we have to do some additional VM configuration settings in order to install Oracle Enterprise Linux as a server:

  • In the Virtual Box GUI select your just created VM and select the Details option in the right part of the window,
  • Scroll down to the Network settings. By default, the Network adapter is created in NAT configuration. This is OK for client machines, but we want to use our VM as a server, so we have to change this into the Bridged adapter,
  • Select Network in the Details section and change the Attached to: from NAT to Bridged Adapter.

On my Apple notebook, I downloaded the DVD iso file from the Oracle website:

  • I downloaded OEL 5.4 for i386, the 32-bit version from,
  • Before the download start you have to read and agree to the terms & conditions.

In the Virtual Box GUI, I continue in the Details section to attach the downloaded iso file to the VM as CD-ROM:

  • Select Storage and below IDE Controller select the CD-ROM icon (which is listed as empty),
  • In the right-hand side of the window select the "Open Media Manager" icon at the CD/DVD Device to mount your downloaded iso file as installation media.

The Virtual Machine is now ready for installation of Oracle Enterprise Linux.

Installation of Oracle Enterprise Linux 5.4 for Sun Ray Server

Now it is time to start the just created VM. It automatically boots from the ISO file and you see the Oracle Enterprise Linux boot screen. Make sure you install in graphical mode (the default). I followed a standard installation and used a lot of default settings in the installation wizard, except the configuration for network address and hostname:

  • In the Network Devices window I changed the configuration of the ethernet device from DHCP to Manual IP,
  • I entered a static IP address and netmask,
  • I also disabled IPv6,
  • I configured a hostname and the settings for gateway and DNS.
When the installation wizard is finished it starts to install the packages, after some time the installation is ready and it reboots the VM. After the reboot you will see the Oracle Enterprise Welcome screen on the VM console and you have to finish with post-installation settings. These are the one I used in my test server: 

  • Disable Firewall
  • Disabled SELinux Setting
  • Kdump (which I ignored) and Date/Time setting
  • Created a new user
  • Sound Card (ignored)
  • Additional CDs (ignored)

Reboot to finalize the settings and when the system comes back you are ready to prepare the Sun Ray server installation. This will be described in a follow-up article.

Knock, knock...

Better late then never. I needed to publish some information to partners after I presented at a seminar. So here it is, I created a Blog entry and maybe I post more entries in the future.


I post here hands-on examples which I have used in my Oracle VDI Desktop Virtualization projects at customers and partners.


« April 2014